A Chinese CCTV system manufacturer, Hangzhou Xiongmai Technology Company, has admitted that many of its products are insecure and form part of the Mirai botnet that took down the Dyn DNS server on Friday, knocking out several high-profile websites and services in the process.
The Mirai botnet comprises Internet of Things (IoT) devices that have been compromised by the Mirai malware, which exploits devices running old and insecure versions of the Linux operating system.
In particular, Mirai is believed to have infected hundreds of thousands of digital video recorders (DVRs) that are hooked up to CCTV systems, which are exposed to the internet so that their users can remotely keep tabs on their security systems.
But in an email to Bloomberg, the company admitted that some of its products had been compromised and used in the attack. However, it added, products made by the company since September 2015 ought to be more secure.
"Mirai is a huge disaster for the Internet of Things. Xiongmai have to admit that our products also suffered from hacker's break-in and illegal use," the company admitted in its email to Bloomberg.
The company added, though, that it upgraded the firmware used in its devices a year ago, and has recalled a number of the older products.
It urged users to update the firmware and change the default user names and passwords. However, because companies like Xiongmai make CCTV systems for a variety of brands, users probably won't know whether their device was made by Xiongmai.
The Mirai source code was published on hacker forums earlier this month to enable anyone to crack the (non-existent) security of the DVR systems, as well as being adapted for use in other malware projects.
Krebs' investigative work has indicated that the Mirai source code was the work of a DDoS-for-hire service, which would appear to run its own domain registration service.
The malware scans the internet continuously for IoT devices running the old and unpatched Linux operating system, then works through a table of common default user names and passwords in order to log in to the devices. The devices remain infected by the malware until rebooted and, if the password is not changed immediately, will be reinfected within minutes.
The infected IoT devices will connect to a command and control server, enabling the hackers to use them for their own ends, whether that is conducting DDoS attacks or mining for bitcoin.
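The login-table behaviour described above leaves a recognisable trace in authentication logs: one source failing against several different account names in quick succession. The following is an added detection example, not code from the article or from any vendor; the log format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in an assumed "timestamp service source user result" format.
SAMPLE_LOG = """\
2024-01-01T11:10:01 telnet 203.0.113.7 root FAIL
2024-01-01T11:10:02 telnet 203.0.113.7 admin FAIL
2024-01-01T11:10:03 telnet 203.0.113.7 support FAIL
2024-01-01T11:10:04 telnet 203.0.113.7 root FAIL
2024-01-01T11:10:05 telnet 203.0.113.7 admin OK
2024-01-01T11:12:30 ssh 198.51.100.20 alice FAIL
2024-01-01T11:12:41 ssh 198.51.100.20 alice OK
2024-01-01T11:15:00 telnet 192.0.2.44 root FAIL
2024-01-01T11:15:01 telnet 192.0.2.44 guest FAIL
2024-01-01T11:15:02 telnet 192.0.2.44 admin FAIL
2024-01-01T11:15:03 telnet 192.0.2.44 root FAIL
"""
LINE_RE = re.compile(r"^(\S+) (telnet|ssh) (\S+) (\S+) (OK|FAIL)$")

def find_credential_sweeps(log_text, window=timedelta(seconds=60),
                           min_attempts=4, min_users=2):
    """Flag sources whose failed logins look like a credential table being walked."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts, _service, src, user, result = m.groups()
        events[src].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        fails = [(t, u) for t, u, r in evs if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            burst = [(t, u) for t, u in fails[i:] if t - start <= window]
            users = {u for _, u in burst}
            if len(burst) >= min_attempts and len(users) >= min_users:
                # A success after the burst began means a listed credential worked.
                succeeded = any(r == "OK" and t >= start for t, _, r in evs)
                findings[src] = {"attempts": len(burst), "users": sorted(users),
                                 "login_succeeded": succeeded}
                break
    return findings

if __name__ == "__main__":
    for src, info in find_credential_sweeps(SAMPLE_LOG).items():
        print(src, info)
```

A flagged source with `login_succeeded` set points to a device whose default password was still in place and which should be rebooted and given new credentials.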
Security software company Bullguard has put together a service that can scan a home network against the Shodan database of open IoT ports.